Invezz
2025-06-23 13:21:58

Trezor users targeted in phishing scam as attackers exploit support system flaw

A new phishing campaign has surfaced targeting users of crypto hardware wallet provider Trezor, this time by exploiting a security gap in its automated support system.

Attackers reportedly used Trezor’s own infrastructure — specifically its contact form — to initiate seemingly legitimate support emails, putting user funds at risk.

The company clarified on 23 June that its internal systems had not been breached, but the manipulation of its automated processes enabled scammers to deceive recipients with authentic-looking messages.

Trezor (@Trezor), 3:20 pm · 23 Jun 2025:
"Important Update
We have identified a security issue where attackers abused our contact form to send scam emails appearing as legitimate Trezor support replies. These scam emails appear legitimate but are a phishing attempt.
Remember, NEVER share your wallet backup — it must"

Trezor (@Trezor), replying to @Trezor, 3:47 pm · 23 Jun 2025:
"Here’s what happened
There was no email breach. Attackers contacted our support on behalf of affected addresses, triggering an auto-reply as a legitimate Trezor support message.
Our contact form remains safe and secure. We’re actively researching ways to prevent future"

Exploited system flaw leads to support email abuse

The scam begins when bad actors submit fake queries through Trezor’s support form using the email addresses of their intended victims.

This prompts an automatic support reply from Trezor’s system, giving the appearance of a legitimate communication from the company.

Users receiving these emails are then urged to share sensitive information, such as their wallet backup or seed phrase — a classic phishing tactic.

While Trezor’s systems remain uncompromised, the incident has raised significant concerns about the potential misuse of automated customer engagement tools.

Trezor posted on X (formerly Twitter) that the issue has been “contained” and said investigations are ongoing.

The firm also added that additional safeguards are being implemented to prevent similar abuses of its platform.

Trezor’s recent security history under review

This incident follows an earlier security issue in January, where attackers accessed Trezor’s newsletter subscriber database.

That attack involved the misuse of a third-party service to send emails that appeared to originate from the Trezor team, further underscoring the vulnerability of customer communication channels.

In both cases, no direct access was gained to user wallets or internal databases, but the continued targeting of Trezor’s user base highlights the persistent threat of social engineering and phishing in the cryptocurrency ecosystem.

Security analysts and members of the broader crypto community have raised questions about Trezor’s ability to safeguard its users from such vectors.

In particular, researchers at Ledger Donjon, the security arm of Trezor’s rival Ledger, have issued their own concerns regarding the security of Trezor’s Safe models.

According to the research, these wallets might not be fully secure against advanced physical attacks, especially if an attacker gains temporary access to the device.

Company urges vigilance as crypto-targeted scams increase

In its latest advisory, Trezor reiterated key security practices, reminding users that it will never ask for sensitive information, including their wallet backup.

The company stressed that backups must remain private and offline at all times.

This warning comes amid a broader rise in crypto-targeted phishing campaigns, many of which rely more on user manipulation than on sophisticated hacking tools.

Trezor’s latest incident has become a cautionary example of how automated systems can be exploited in increasingly creative ways, even without breaching the core network or software of a company.

As crypto adoption grows and user bases expand, these types of attacks are likely to become more frequent and complex.